IMA emulator: improve polling mechanism
Currently the polling mechanism is a simple loop.
Last time I looked at it, the file was not pollable: https://patchwork.kernel.org/project/linux-integrity/patch/[email protected]/ But that was half a year ago and the situation might have changed. @stefanberger do you know of any further update in this area?
Sorry, I have no update...
I just tried your v2 patch but it seems to be stuck in poll().
strace tail -f /sys/kernel/security/ima/ascii_runtime_measurements
It should show base64 when I run it but doesn't seem to come back from poll(). It does show base64 on the restart of tail as expected.
I have the following policy on my system:
dont_measure fsmagic=0x9fa0
dont_measure fsmagic=0x62656572
dont_measure fsmagic=0x64626720
dont_measure fsmagic=0x1021994
dont_measure fsmagic=0x1cd1
dont_measure fsmagic=0x42494e4d
dont_measure fsmagic=0x73636673
dont_measure fsmagic=0xf97cff8c
dont_measure fsmagic=0x43415d53
dont_measure fsmagic=0x27e0eb
dont_measure fsmagic=0x63677270
dont_measure fsmagic=0x6e736673
dont_measure fsmagic=0xde5e81e4
measure func=MMAP_CHECK mask=MAY_EXEC
measure func=BPRM_CHECK mask=MAY_EXEC
measure func=FILE_CHECK mask=MAY_READ uid=0
Thank you for checking; let me come up with v3 shortly.
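The failure mode reported above (a reader that never returns from poll()) can be bounded by giving poll() a timeout and reading from a saved offset either way. The sketch below is an added example, not code from this thread or from the project; `MeasurementTail`, `parse_entry` and `SAMPLE` are hypothetical names, and it assumes the measurement list is append-only and can be re-read from a byte offset.

```python
import os
import select

# Constructed sample entry in the ima-ng layout (not taken from a real system).
SAMPLE = "10 " + "a" * 40 + " ima-ng sha256:" + "b" * 64 + " /usr/bin/base64\n"


def parse_entry(line):
    """Split 'PCR template-hash template-name template-data' into fields."""
    pcr, template_hash, template, data = line.split(" ", 3)
    return {"pcr": int(pcr), "template_hash": template_hash,
            "template": template, "data": data}


class MeasurementTail:
    """Follow an append-only measurement list without blocking forever in poll()."""

    def __init__(self, path):
        self.fd = os.open(path, os.O_RDONLY)
        self.offset = 0  # bytes of complete lines already consumed
        self.poller = select.poll()
        self.poller.register(self.fd, select.POLLIN)

    def step(self, timeout_ms=200):
        """Wait at most timeout_ms, then return entries added since the last call."""
        # The timeout bounds the wait: if the file never signals readiness,
        # the read below still runs and picks up what was appended.
        self.poller.poll(timeout_ms)
        os.lseek(self.fd, self.offset, os.SEEK_SET)  # assumption: file is seekable
        chunks = []
        while True:
            buf = os.read(self.fd, 65536)
            if not buf:
                break
            chunks.append(buf)
        data = b"".join(chunks)
        end = data.rfind(b"\n") + 1  # leave a trailing partial line for the next pass
        self.offset += end
        return [parse_entry(l) for l in data[:end].decode().splitlines()]

    def close(self):
        os.close(self.fd)
```

Calling `step()` in a loop behaves like the current simple loop when the file never wakes poll(), and returns early when it does.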